election security

Press Release: CGA's Jake Braun Testifies Before U.S. House Homeland Security Committee

Washington, DC (February 13, 2019) - Today, Jake Braun, co-founder of the Voting Village at DEF CON -- the world’s largest and longest running hacker conference -- testified before the U.S. House Homeland Security Committee about the cybersecurity threats facing our nation’s elections infrastructure.  Citing DEF CON’s own groundbreaking research that it has conducted over the last two years in the aftermath of the Russian hacking during the 2016 elections, Braun’s testimony represented one of the first times DEF CON was invited to play a prominent role in informing and educating Washington lawmakers on issues of national security.

The testimony also represented a first foray into Washington for the University of Chicago’s Cyber Policy Initiative (CPI), launched last year at DEF CON 26 and currently led by Braun, who serves as its Executive Director. Housed within the Harris School at the University of Chicago, CPI serves as a forum through which hackers, technologists, academics, and the cyber research community can engage policy makers at all levels of government to strengthen our voting systems and our democracy.

“It’s an honor to be here on the Hill wearing both hats today,” said Braun. “Over the last two years, DEF CON has done cutting-edge research to expose and elevate the vulnerabilities in our voting systems -- and now CPI is playing a critical translator role, taking findings out of the ‘hacker’ world and explaining threats and solutions to lawmakers in policy terms, helping to tackle what’s become one of the biggest national security concerns of our time.”

In addition to highlighting the link between national security and protection of our nation’s election infrastructure, Braun highlighted specific vulnerabilities found by the DEF CON Voting Village demonstration, which represented the first public, third-party security assessment of voting machines.

Braun also added, “The attacks on our election infrastructure are not solely an election administration nuisance but rather a national security threat,” said Braun. “This is about our national security apparatus marshalling its resources to do what our nation expects it to do, which is protect our country from existential threats to the United States.”

The hearing, called by Representative Bennie G. Thompson (D-MS), sought to kick-off debate on H.R. 1, the For the People Act of 2019.  Braun was joined by notable election leaders including California Secretary of State Alex Padilla; former Cook County, Illinois, Director of Elections Noah Praetz; Alabama Secretary of State John Merrill; Christopher C. Krebs, Director, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security; and Thomas Hicks, Chairman, U.S. Election Assistance Commission.

Additional Resources:

For a full video of the proceedings, please visit https://youtu.be/EXosdmRSsNA

For Braun’s full testimony, please visit: https://homeland.house.gov/sites/democrats.homeland.house.gov/files/documents/Testimony-Braun.pdf

For the full 2017 DEF CON report, please visit https://defcon.org/images/defcon-25/DEF CON 25 voting village report.pdf

For the full 2018 DEF CON report, please visit https://defcon.org/images/defcon-26/DEF CON 26 voting village report.pdf

###


PRESS RELEASE: Cambridge Global CEO Jake Braun Presents DEFCON Voting Village Report at LRPP Conference

June 28, 2018 (Singapore) - This week, Cambridge Global Advisors (CGA) was proud to announce that CEO Jake Braun presented the 7th Annual International Conference on Law, Regulations, and Public Policy (LRPP) in Singapore.  Hosted by the Global Science & Technology Forum (GTSF), the conference brings together public sector leaders from around the world to discuss the latest developments in legal, policy, and regulatory space.

Bruan’s presentation featured a discussion on the ground-breaking “Voting Machine Hacker Village” demonstration at last year’s DEFCON -- the largest, longest running hacker conference in the world. Coming at a time when intelligence and news was emerging about Russian-backed attempts to hack U.S. voting infrastructure during the 2016 election, the DEFCON Voting Village sought to serve as an awareness-building opportunity.  The Village assembled more than 25 pieces of election equipment including voting machines and pollbooks still widely used in U.S. elections today and made them accessible to thousands of hackers.

Following on the Voting Village demonstration, Braun and several other Village organizers co-authored an award-winning report, detailing the Voting Village findings. The report can be accessed here.

In presenting this report at the LRPP 2018 Conference, Braun furthered his efforts to raise awareness about the severity and pervasiveness of cyber threats facing not only the U.S. but also democracies around the world.

“Nefarious cyber actors, including but not limited to Russia, know no boundaries,” said Braun. “What the DEFCON Voting Village revealed last year is that this is election security a global problem that will continue to persist. We have to work together, across all nations, in the cyber, public policy and legal arena to make our elections more secure. LRPP gives one forum to start and continue this important conversation.”

The Voting Village is slated to run again at this year’s DEFCON, August 9-12, 2018, hosted annually in Las Vegas.

 

###

About CGA

Cambridge Global Advisors is a strategic advisory services firm with deep expertise at the global, national, state and local levels. CGA assists clients in the management, development, and implementation of their programs, practices, and policies – with a special emphasis on homeland and cybersecurity. CGA works with government, non-profit organizations, and Fortune 500 companies to provide consulting and project management services as well as public diplomacy, stakeholder engagement, and communications.  To learn more, visit www.cambridgeglobal.com or follow on Twitter at @camb_global

PRESS RELEASE: Cambridge Global CEO Jake Braun Honored with Multiple Cybersecurity Excellence Awards

March 6, 2018 (Washington, DC)This past month CEO of Cambridge Global Advisors (CGA) Jake Braun was named recipient of three awards for his work in raising awareness around cyber threats facing U.S. democracy and election infrastructure, such as those attempted by Russia during the 2016 elections.  

One of the cyber industry’s most coveted programs, the 2018 Cybersecurity Excellence Awards annually honor individuals and companies that demonstrate leadership in information security. With over 400 entries, Braun was nominated and won respective honors in all categories for which he was nominated:

The Cybersecurity Excellence Awards specifically recognized Braun’s work with DEFCON – the world’s largest, longest-running hacker conference – where Braun led the creation of DEFCON’s first-ever Voting Machine Hacking Village. The Village assembled more than 25 pieces of election equipment including voting machines and pollbooks still widely used in U.S. elections today and made them accessible to thousands of hackers who were encouraged to test the technology and expose cyber vulnerabilities for educational purposes.

Commenting on the honors, Braun said: “I am deeply proud of these awards, which, to me, demonstrate that election security isn’t just a hacker thing. The 2018 elections are getting underway, and it’s critical we approach this issue as the national security concern it is.  We must do all we can to protect the vote – and our democracy – from foreign enemies that want to sow discord and distrust.”

Beyond his work with DEFCON, Braun has partnered with institutions and organizations including the University of Chicago and the Atlantic Council to focus on forwarding of policies and best practices that will help election administrators better safeguard the vote from cyberattacks in 2018 and beyond. In October, Braun worked with the Atlantic Council to release an award-winning report about the DEFCON Voting Village’s findings. This report is still being used by U.S. national security leaders to inform new policies to secure the critical infrastructure of the U.S. election system.

###
Cambridge Global Advisors is a strategic advisory services firm with deep expertise at the global, national, state and local levels. CGA assists clients in the management, development, and implementation of their programs, practices, and policies – with a special emphasis on homeland and cybersecurity. CGA works with government, non-profit organizations, and Fortune 500 companies to provide consulting and project management services as well as public diplomacy, stakeholder engagement, and communications.  To learn more, visit www.cambridgeglobal.com or follow on Twitter at @camb_global

NYTimes: Russia Sees Midterm Elections as Chance to Sow Fresh Discord, Intelligence Chiefs Warn

This article citing CGA Principal Douglas Lute appeared in the New York Times, February 13, 2018.

WASHINGTON — Russia is already meddling in the midterm elections this year, the top American intelligence officials said on Tuesday, warning that Moscow is using a digital strategy to worsen the country’s political and social divisions.

Russia is using fake accounts on social media — many of them bots — to spread disinformation, the officials said. European elections are being targeted, too, and the attacks were not likely to end this year, they warned.

“We expect Russia to continue using propaganda, social media, false-flag personas, sympathetic spokespeople and other means of influence to try to exacerbate social and political fissures in the United States,” Dan Coats, the director of national intelligence, told the Senate Intelligence Committee at its annual hearing on worldwide threats.

Mr. Coats and the other intelligence chiefs laid out a pair of central challenges for the United States: contending with the flow of Russian misinformation and shoring up the defenses of electoral systems, which are run by individual states and were seen as highly vulnerable in 2016.

“There should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” said Mr. Coats, testifying alongside Mike Pompeo, the C.I.A. director; Christopher A. Wray, the F.B.I. director; and other leading intelligence officials.


“Throughout the entire community, we have not seen any evidence of any significant change from last year,” Mr. Coats said.

The warnings were striking in their contrast to President Trump’s public comments. He has mocked the very notion of Russian meddling in the last election and lashed out at those who suggested otherwise.

Mr. Trump has not directed his intelligence officials to specifically combat Russian interference, they said. But Mr. Pompeo said that the president has made clear that the C.I.A. has “an obligation, from the foreign intelligence perspective, to do everything we can to make sure there’s a deep and thorough understanding of every threat, including threats from Russia.”

Russia appears eager to spread information — real and fake — that deepens political divisions. Bot armies promoted partisan causes on social media, including the recent push to release a Republican congressional memo critical of law enforcement officials.

The bots have also sought to portray the F.B.I. and Justice Department as infected by partisan bias, said Senator Mark Warner of Virginia, the top Democrat on the intelligence committee.

“Other threats to our institutions come from right here at home,” he said. “There have been some, aided and abetted by Russian internet bots and trolls, who have attacked the basic integrity of the F.B.I. and the Justice Department. This is a dangerous trend.”

Russia does not, however, appear to be trying to penetrate voting machines or Americans’ ballots, United States officials said.

“While scanning and probing of networks happens across the internet every day, we have not seen specific or credible evidence of Russian attempts to infiltrate state election infrastructure like we saw in 2016,” Jeanette Manfra, the chief cybersecurity official at the Department of Homeland Security, said in an interview last week.

Right now, Mr. Pompeo said, Russia is trying to focus on what are known as influence operations — using social media and other platforms to spread favorable messages — not hacking.

“The things we have seen Russia doing to date are mostly focused on information types of warfare,” he said.

Intelligence officials and election-security experts have said both the states and federal agencies have made significant progress in addressing voting system vulnerabilities since 2016, when state-level officials could not even be warned of attacks because they lacked the necessary security clearances.

 

The intelligence community was focused on gathering information about potential attacks and then sharing it with local and state election officials, Mr. Coats said during the hearing.

Mr. Coats called Moscow’s meddling “pervasive.”

“The Russians have a strategy that goes well beyond what is happening in the United States,” he said. “While they have historically tried to do these types of things, clearly in 2016 they upped their game. They took advantage, a sophisticated advantage of social media. They are doing that not only in the United States but doing it throughout Europe and perhaps elsewhere.”

Mr. Pompeo was also asked about reports last week by The New York Times and The Intercept that American intelligence agencies spent months negotiating with a Russian who said he could sell stolen American cyberweapons and that the deal would include purportedly compromising material on Mr. Trump. The negotiations were conducted through an American businessman who lives in Europe and served as a cutout for American intelligence agencies.

Mr. Pompeo called the reporting “atrocious, ridiculous and inaccurate” and said the C.I.A. had not paid the Russian. The Times, citing American and European intelligence officials, said only that American spies had paid the Russian $100,000 for the cyberweapons using an indirect channel. Those weapons were never delivered. The Russian did provide information on Mr. Trump, which intelligence agencies refused to accept and remains with the American businessman.

“Our story was based on numerous interviews, a review of communications and other evidence. We stand by it,” said Dean Baquet, the executive editor of The Times.

Mr. Pompeo did appear to acknowledge the operation itself, saying that “the information that we were working to try and retrieve was information we believed might well have been stolen from the U.S. government.”

He and the other intelligence chiefs, including Adm. Michael S. Rogers, the departing director of the National Security Agency, also addressed the slew of other threats they see facing the United States. They cited North Korea’s nuclear program, Islamist militants in the Middle East and even illicit drug trafficking, especially the smuggling of cheaply made fentanyl, a powerful opioid responsible for thousands of deathseach year.

But as has been the case for years, the intelligence leaders presented cyberactivities of rival nations and rogue groups as the foremost threat facing the United States. They warned that such risks were likely to only grow, citing China, Iran, North Korea and Russia, along with militant groups and criminal networks, as the main agitators.

To ease the flow of information, the Department of Homeland Security is trying to get at least one election official in each state a security clearance. To date, 21 officials in 20 states received at least interim “secret”-level clearances, Ms. Manfra said in the interview.

The federal government is also working to provide states with enhanced online security “to ensure the American people that their vote is sanctioned and well and not manipulated in any way,” Mr. Coats said.

Homeland Security has added 32 states and 31 local governments to a system that scans internet-connected systems in the federal government every night for vulnerabilities, offering weekly reports and fixes to any issues they find, Ms. Manfra said.

Specialists also spend weeks auditing cyberdefense systems in both federal agencies and state elections offices, and last month, the department decided to prioritize requests for the latter to ensure that they get done swiftly, she added.

Virtually every state is taking steps to harden voter databases and election equipment against outside attacks and to strengthen postelection audits. When the National Association of Secretaries of State holds its winter meeting this weekend in Washington, half of the sessions will be devoted wholly or in part to election security.

New standards for voting equipment were approved last fall that will effectively require manufacturers to include several security improvements in new devices. States are moving to scrap voting machines that do not generate an auditable paper ballot as well as an electronic one; Virginia has decertified most of its devices, Pennsylvania has declared that all new devices will produce paper ballots, and Georgia — a state whose outdated equipment produces only electronic voting records — has set up a pilot program to move to paper.

But a host of problems remains. Roughly one-fifth of the country lacks paper ballots, and replacing digital-only machines costs millions of dollars. Federal legislation that would allot funds to speed up the conversion to paper is crawling through Congress.

Many experts, meanwhile, believe that Russian meddling in the presidential race was but a foretaste of what is to come — not just from the Kremlin, but also from other hostile states and private actors.

“Russia learned a lot last year in what really, I think, can be seen as a series of probing attacks,” Douglas Lute, a retired Army lieutenant general, deputy national security adviser to President George W. Bush and ambassador to NATO under President Barack Obama, said in an interview. “I think we should expect that they learned and they’re going to come back in a much more sophisticated way.”

Commentary: Firewalling Democracy: Federal Inaction on a National Security Priority

This piece originally appeared in The Hill, January 31, 2018.

January marked the first anniversary of the U.S. Department of Homeland Security’s designation of elections as “critical infrastructure,” placing them into the category of other physical or virtual sectors — such as food, water and energy — considered so crucial that their protection is necessary to our national security. Naming “elections” as a critical infrastructure sub-sector was a key action taken by then-Secretary Jeh Johnson following an Intelligence Community report about ways Russia sought to meddle in the 2016 elections via a variety of hacking tactics aimed at election offices, voter databases and our larger digital democracy.

At the time, I was serving as DHS Under Secretary for Intelligence and Analysis — and I was encouraged greatly by the critical infrastructure move. Voting administration is a state and local responsibility, but these entities often are overburdened, under-resourced and not exactly versed in Kremlin-based cyber crimes. The announcement reflected a new reality that election security is national security — and it provided enhanced capabilities for the feds to coordinate on election cyber threats.

However, since that optimistic moment 13 months ago, there has been unwillingness at the highest levels of the federal government to act.

On Capitol Hill, it’s taken a year for the Secure Elections Act (S. 2261), to be introduced. Although a positive first step toward ensuring that states have grants and other support to protect their voting systems, the bill’s future is unclear beyond the six bipartisan co-sponsors backing it.

At DHS, scores of mid-level staff — especially within the National Protection and Programs directorate — are working to answer state and local election officials requesting cyber assistance, while at the same time gathering what limited resources exist to prepare for 2018.  But these folks are operating minus top cover from the White House or other cabinet-level leaders, many of whom continue to eschew that Russia is a concern altogether.

As I consider possible reasons for this federal lack of leadership, it appears the fear of attaching oneself to the politics of the past election — rather than tackling the real challenges of the upcoming one — emerges as the most plausible explanation.

For one, it’s not for lack of threat. The vulnerabilities within our democratic infrastructure are deepening every day. In June, DHS announced that voting systems and registration databases in at least 21 states had been the aim of Russian hacking attempts in 2016. Last fall, across the pond, the Brits laid claim that the same Russia-based Twitter accounts that targeted the 2016 U.S. election also employed divisive rhetoric to influence the Brexit referendum. Even as recently as November, news emerged that Russian bots flooded the Federal Communications Commission’s public comment systems — an important democratic forum for Americans to voice opinions — during the net-neutrality debate, generating millions of fake comments.

Federal procrastination is also seemingly not tied to lack of pressure. It is true that DHS’s initial offers for cyber assistance were not embraced by state and locals in past elections. But since last year, there’s been a backlog of requests pouring in. Meanwhile, local election directors such as Cook County, Illinois’ Noah Praetz, have taken it upon themselves to develop election cybersecurity plans, despite no federal backing. Even the hacker community — traditionally allergic to Washington — has been raising the alarm on election security. For example, DEFCON, the world’s largest hacker conference, held an educational voting machine hacking demonstration last summer to show how susceptible election equipment is to cyber attack.

Finally, I surmise absent response is not a factor of the arduous process that is federal policymaking. Historically, when a national security threat to America is imminent, I’ve seen leaders act swiftly, honorably and without regard for politics. In this case, we have waning time to act: The 2018 election season is weeks away with primaries starting in March in Illinois and Texas. And when it comes to Russia’s goal of undermining democracy, they’re not likely to take this cycle off. Indeed, they will most likely apply the lessons of 2016 with a more calculated approach.

After 47 years in working in national security — much of that spent in the military and federal government — I respect the evolving threats facing democracy today. Yet the urgent work at the state and local level to prepare for future elections will be insufficient if it is not fully matched and funded by the federal government.

With new leaders, including DHS Secretary Kirstjen Nielsen, assuming the helm, this is a moment to choose national defense over politics. A window, albeit closing, exists to support state and locals — along with mid-level civil servants — focused on the problem.

In the vital cause to reassure Americans that their democracy can withstand outside attacks, our enemies are counting on political division and chaotic discourse. I encourage leaders at every level to leverage the best of our national security resources, unite and then prove them wrong.

Francis X. Taylor, a senior advisor at the security consulting firm Cambridge Global Advisors in Washington, is the former under secretary for intelligence and analysis at the Department of Homeland Security. He also served as the former head of diplomatic security with the State Department and is a retired U.S. Air Force brigadier general.

IN-THE-NEWS: Feds Team with Foreign Policy Experts to Assess US Election Security

This article originally appeared in Dark Reading, January 18, 2018.

Expert panel lays out potential risks for the 2018 election cycle and beyond

Speaking at a panel on election security in Chicago last night, Douglas Lute, former US Ambassador to NATO, said he remains very concerned that Russian interference in the 2016 elections has eroded the public’s confidence in the election system, the cornerstone of the American democracy.

“What happened in the 2016 election is as serious a national security threat as I’ve seen in the last 40 years,” said Lute. “When you think of events such as Pearl Harbor and 9-11, those are physical attacks and terrible as they are, we can recover from them. But if we lose confidence in the election system, that erosion is more serious.”

The panel discussion, "Secure the Vote," was sponsored by DEF CON, which held a Voting Machine Hacker Village during its August event, and by the Chicago Council on Global Affairs. Also participating were Rick Driggers, deputy assistant secretary at the US Department of Homeland Security's (DHS) Office of Cybersecurity & Communications, and Greg Bales, community outreach coordinator in Sen. Richard Durbin’s (D-Ill.) office. The panel moderator was Jake Braun, cybersecurity instructor at the University of Chicago.

Braun hailed the panel as the first time the executive and legislative branches of government got together to publicly discuss hacking of the US election system.

In September, DHS informed 21 US states that some component of their respective election systems had been targeted by Russian state-sponsored cybercriminals during the 2016 election campaign. According to DHS, no votes were changed and many of the targets experienced only vulnerability scans. Last night’s discussion was held ahead of the nation’s first primaries this March in Illinois and Texas, both of which were among the 21 targeted states. 

Lute kicked off the panel with five points for attendees to consider:

  • Russia is a proven threat. Although President Donald Trump has rejected the validity of reports on election tampering, national security agencies agreed that Russia attacked our election system in 2016 and that it was state-sponsored under the direction of Russian President Vladimir Putin, said Lute.
  • Russia is not going away. President Putin is likely to win another six-year term this year in an uncontested election, and even if something happened to Putin, he would be replaced by a similar figure who will look to expand on global election hacking efforts, said Lute.
  • Other nation-states are potential threats. It’s clear that other nations such as China, Iran and North Korea have the capability to hack into our elections and other critical businesses and infrastructure.
  • Time is short. The election cycle of 2018 is a short two months away and the 2020 Presidential race is just around the corner.
  • Our allies are vulnerable. Other countries' elections are already experiencing cybersecurity incidents, like the data breach that hit French president Francois Macron days before the election. 

The DHS’s Driggers said DHS is available upon the request of state and local governments to provide security services such as technology assessments, information sharing and basic cyber hygiene. He said in early January 2017, DHS identified the US election system as part of the nation’s critical infrastructure, putting it on the level of our IT, defense, energy, and financial services systems.

"It's definitely a priority in our planning," Driggers said. "We realize that US elections are run by local election officials and our efforts are primarily to support state and local efforts."

On the legislative front, Bales said Sen. Durbin is working hard to support the Secure Elections Act, a bill sponsored by Sen. James Lankford (R-Okla.) and Sen. Amy Klobuchar (D-Minn.) that seeks to protect against foreign interference in future elections.

"Voting is a bi-partisan American issue, so we have to make sure outside actors like Russia are not involved," Bales said.

As for potential solutions, Lute offered three suggestions: get the entire election system off the Internet; protect the state voter registration databases; and create an audit trail by using optical scanners to track individual paper votes.

Most of Lute’s suggestions are based on the Election Security Plan developed by Noah Praetz, director of elections with the Cook County Clerk’s Office. Praetz’s plan represents the first known formal response by a local government to reported US election hacking in 2016.

Many cybersecurity researchers also called for paper voting or systems that use optical character readers to generate voter-verified paper trails after two (decommissioned) voting machines were hacked within 90 minutes during DEF CON's Voting Machine Hacker Village in August

IN-THE-NEWS: CGA's Doug Lute tells USA Today about the national security implications of protecting our election infrastructure

This piece originally appeared in USA Today, December 7, 2017

Illinois' most populous county has a plan to keep hackers out, after the state's voter registration list was breached during last year's presidential race. There's one big sticking point: the money. 

The director of elections for Illinois' Cook County and a group including Ambassador Douglas Lute will present a strategy to bolster U.S. election systems' defenses against foreign intruders on Thursday. 

That roadmap comes with a request for the federal government to fund their plan, underlining a hurdle for many municipalities as they head into the 2018 midterm and 2020 presidential elections.

While last year's general election made clear the voting system was vulnerable to hackers, and the federal government has instructed the nation's 9,000 election officials to make their voting rolls safer, many municipalities lack funding to make these changes. 

The last time there was significant federal funding for election infrastructure at the local level was the Help America Vote Act of 2002, passed in the aftermath of the controversy surrounding the 2000 president election recount. That resulted in almost $3 billion in funds for new voting equipment

"For a relatively modest investment it seems to me that we can shore up the system significantly," Noah Praetz told USA TODAY.

His five-page plan, sponsored by Cook County Clerk David Orr and being presented at the University of Chicago's Harris School of Public Policy, is part of a broader effort by an ad hoc bipartisan group working to strengthen the U.S. election system after Russian intrusions during the 2016 U.S. presidential race. It calls on the federal government to aid states, laying out a list of 20 defense tactics election officials can take to protect election integrity.

"Make no mistake, this will be a painful and expensive undertaking," it reads.

Just how expensive isn't known. The U.S. election system is highly decentralized. Each jurisdiction has different staff, equipment and funding and must deal with differing local and state regulations governing elections.

For Cook County, which is responsible only for county-wide elections as the city of Chicago holds its own elections, "it's going to cost many millions." Praetz said he couldn't be more specific because the county is in the middle of a procurement process.

Even hundreds of millions is just "a rounding error of the defense department budget," said Lute, a retired three-star general who served under both Obama and George W. Bush.

"We're buying hard defense for America to the tune of $700 billion a year. And for literally less than one-one-thousandth of that, we could make dramatic inroads to secure our election systems. Which quite frankly may be more fundamental [to our security] than the next fighter plane," he said.

Russia will be back

The problem with Russia, which denied any interference in the U.S. election, isn't going to go away, say election officials. The 2016 attacks were a classic Russian intelligence military operation.

"Initially it is rather clumsy. They probe and they make mistakes and they get found out. But they also learn very quickly. I expect that in 2018 they will be back, with a much more sophisticated and targeted approach," said Lute, most recently the former United States Permanent Representative to the North Atlantic Council, NATO’s standing political body.

2016 was a heads up

The 2016 election was a watershed in terms of awareness about foreign election meddling. No one knows the problem better than Illinois, one of two states where federal authorities say Russian hackers succeeded in infiltrating the election system.

The hackers operated undetected for three weeks, viewing the records of 90,000 voters and, according to the Illinois State Board of Elections, attempted to delete or alter some voter data.

Time is also short. Illinois also is one of two states with the earliest primaries in the county, meaning its voters will go to the polls in March.

The white paper suggests the creation of a national digital network for local election officials to quickly share information about threats and incidents. This is in contrast to 2016, when officials in 21 states only learned they'd been targeted almost a year after the fact.

Next, every local and state election official should have a security officer on staff, to deal with these issues. 

The paper then goes on to outline a standard list of the things any company would implement to protect the security of its networks, but which election officials have overall been slow to roll out because of a lack of funding, knowledge and awareness of the dangers.

The final suggestion is the idea that every election jurisdiction needs to come up with a plan about how it will recover if it is hacked. That could mean paper backups of voter registration lists, storing paper ballots or saving digital scans of ballots.

"If we detect breaches and recover from them quickly, we will survive. And so will our democracy," the paper says.  

PRESS RELEASE: First-Ever DEFCON "Voting Machine Hacker Village" Highlights Vulnerabilities in U.S. Voting Systems

Cambridge Global participates in event to bring together critical stakeholders to elevate cyber threats, identify solutions to safeguard our elections

Las Vegas, NV – In light of recent headlines concerning Russian attempts to “hack” and interfere in the 2016 U.S. elections, DEFCON – one of the world's largest and best-known hacker conventions – debuted an interactive "Voting Machine Hacker Village" today a its annual gathering in Las Vegas. The first of its kind in the conference's 25 year history, the Voting Village provided a national stage for hackers, voting experts, government officials and others to raise the alarm on cyber vulnerabilities and threats related to U.S. voting machines, networks, and voter file databases currently in use around the nation.

Cambridge Global Advisors (CGA) – a strategic advisory services firm with deep expertise in cyber and homeland security policy at the global, national, state and local level – provided support to the Voting Village by way of concept development, media outreach, and stakeholder engagement. CGA also contributed to the day-long speaking program, with Jake Braun, CEO of CGA emceeing speeches and panels featuring subject matter experts from a variety of public and private sector organizations such as Verified Voting, the Center for Internet Security, National Governors Association, and National Institute of Standards and Technology (NIST).  

“Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we've uncovered even more about exactly how,” said Jake Braun, who originally proposed the idea of the Voting Village to conference founder Jeff Moss earlier this year. “The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

Douglas Lute, CGA principal and former U.S. Ambassador to NATO, also spoke at the conference on Friday, noting the importance of bringing the national security community to the table. “Elections have always been the concern and constitutional responsibility of state and local officials. But when Russia decided to interlope in 2016, it upped the ante. This is now a grave national security concern that isn't going away,” said Lute via Skype. “In the words of former FBI Director James Comey, ‘They're coming after America...they will be back.’”

The Voting Village featured more than 30 pieces of equipment for hackers to try their hand at, along with a cyber training range that simulated an board of elections office network and voter registration database.  Within the first 90 minutes, hackers successfully hacked several pieces of equipment, including a machine and pollbook.  The village is expected to be a fixture for DEFCON for at least the next three years, with more equipment, software and other hacking demonstrations to be added in the future.

Voting Village organizers also said that DEFCON provided an initial forum to convene various stakeholders that will be critical to forwarding solutions as a next step. Post-DEFCON, Cambridge Global and others will work to align allies for a national advocacy campaign to implement election security measures in all fifty states. Details and a campaign launch date are expected in the coming weeks.

“The Voting Hacking Village was just the start. This is one conversation that needs to leave Vegas,” said Braun. “There are ways to secure our democracy, but we need an organized advocacy campaign. We need to take these lessons back to DC, to state capitals, and to local election boards around the country to invoke change.”

About CGA

Cambridge Global Advisors (CGA) is a strategic advisory services firm with deep expertise and experience at the global, national, state and local level.  Our mission is to assist our clients in the management, development, and implementation of their national security programs, practices, and policies, with a special interest in homeland and cyber security.

CGA’s senior leadership has been working on cybersecurity policy for some of the largest end users for governments, NGOs, and corporations for a combined 100+ years of experience.  Through client work and numerous positions on advisory boards, the team has served as cyber consults for a host of entities from the President of the United States to local governments such as Cook County, Illinois. Learn more at: www.cambridgeglobal.com

###